Archive for the ‘Botnets’ Category

The research on browser-based botnets presented during the recent Blackhat conference in Las Vegas touches on our previous study on the abuse of HTML5. Most importantly, it shows how a simple fake online ad can lead to formidable threats like a distributed denial of service (DDoS) attack.
In their briefing, Jeremiah Grossman and Matt Johansen showed that it is possible to initiate a massive distributed denial of service (DDoS) attack via a browser-based botnet. To create the botnet itself, the potential ...

For a few months now, we have been actively monitoring a spambot named Stealrat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable CMS software such as Wordpress, Joomla and Drupal.
In this entry, we will discuss how website administrators can check if their website is compromised and part ...

The Andromeda botnet is still active in the wild and not yet dead. In fact, it's about to undergo a major update real soon. This botnet was first reported back in 2011 but has recently risen to prominence due to the latest modifications in the threat.
Initially, this project to update Andromeda was about to die but the botnet's author found a successor (even though he did not officially retire). Here is the author's previous post, which basically says that if ...

Advances in spam detection meant that spam operators had to find ways to circumvent new technologies. For instance, Asprox made significant improvements in their spam and module architecture whereas Pushdo made use of decoy network traffic.
Recently, we have discovered a new simple method used by a spam botnet we named StealRat. It consists of 3 essential things:
Compromised website for sending spam
Compromised systems for harvesting and delivering the spam data
Compromised website for delivering the payload
Figure 1. StealRat method
In this set ...

In our monitoring of the GAMARUE malware family, we found a variant that used the online code repository SourceForge to host malicious files. This finding is the latest development we've seen since the increase in infection counts observed last month.
SourceForge is a leading code repository for many open-source projects, which gives developers a free site that allows them to host and manage their projects online. It is currently home to more than 324,000 projects and serves more than 4 million ...